Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks
Google Chrome prior to 27.0.1453.116
A vulnerability was reported in Google Chrome.
A remote user can create specially crafted Flash content that, when loaded by the target user, will display the Flash settings in a transparent manner, which may allow the remote user to cause the target user to modify their Flash settings. This may allow the remote user to obtain potentially sensitive information from the target user's camera and microphone.
A remote user can conduct clickjacking attacks against the target user's Flash configuration.
The vendor has issued a fix (27.0.1453.116).